DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement pathType validation (#9511)

Browse source
This commit is contained in:
Ricardo Katz 2023-01-16 23:51:23 -03:00 committed by GitHub
parent e6dcd6845e
commit da98c744b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 373 additions and 207 deletions
Download patch file Download diff file Expand all files Collapse all files

34
test/e2e/admission/admission.go
View file

@ -30,6 +30,14 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/ingress-nginx/test/e2e/framework"
networkingv1 "k8s.io/api/networking/v1"
)
var (
pathExact = networkingv1.PathTypeExact
pathPrefix = networkingv1.PathTypePrefix
pathImplSpecific = networkingv1.PathTypeImplementationSpecific
)
var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() {
@ -152,6 +160,32 @@ var _ = framework.IngressNginxDescribe("[Serial] admission controller", func() {
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid annotation value should return an error")
})
ginkgo.It("should reject ingress with bad characters and pathType != ImplementationSpecific", func() {
host := "admission-test"
firstIngress := framework.NewSingleIngress("first-ingress", "/xpto*", host, f.Namespace, framework.EchoService, 80, nil)
firstIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathPrefix
_, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
assert.NotNil(ginkgo.GinkgoT(), err, "creating an ingress with invalid path value should return an error")
secondIngress := framework.NewSingleIngress("second-ingress", "/abc123*", host, f.Namespace, framework.EchoService, 80, nil)
secondIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathImplSpecific
_, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), secondIngress, metav1.CreateOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with regex on path and pathType ImplementationSpecific should not return an error")
})
ginkgo.It("should not validate characters on ingress when validation of pathType is disabled", func() {
host := "admission-test"
f.UpdateNginxConfigMapData("disable-pathtype-validation", "true")
firstIngress := framework.NewSingleIngress("first-ingress", "/xpto*", host, f.Namespace, framework.EchoService, 80, nil)
firstIngress.Spec.Rules[0].IngressRuleValue.HTTP.Paths[0].PathType = &pathPrefix
_, err := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Create(context.TODO(), firstIngress, metav1.CreateOptions{})
assert.Nil(ginkgo.GinkgoT(), err, "creating an ingress with regex chars on path and pathType validation disabled should be accepted")
})
ginkgo.It("should return an error if there is a forbidden value in some annotation", func() {
host := "admission-test"